December 12, 2024 at 07:39AM A recently patched vulnerability in Apple’s iOS and macOS could allow unauthorized access to sensitive user data by bypassing the TCC security framework. Tracked as CVE-2024-44131, this flaw was linked to the FileProvider component. Attackers could exploit it to intercept user actions without raising alerts. ### Meeting Takeaways – Dec … Read more
December 11, 2024 at 02:57PM Apple released significant security updates for iOS 18.2 and macOS Sequoia 15.2 to address vulnerabilities, including data leakage and code execution risks. Key patches target flaws in kernel, WebKit, and AppleMobileFileIntegrity components, and fix a critical defect in libexpat that could lead to unauthorized remote actions. ### Meeting Takeaways: 1. … Read more
November 20, 2024 at 12:18AM Apple has released security updates for multiple operating systems to fix two actively exploited zero-day vulnerabilities: CVE-2024-44308, allowing arbitrary code execution, and CVE-2024-44309, enabling cross-site scripting (XSS) attacks. Users are urged to update their devices promptly to mitigate security risks. **Meeting Takeaways: November 20, 2024 – Security Updates on Zero-Day … Read more
October 5, 2024 at 01:30AM Apple has released iOS and iPadOS updates addressing two security issues. One flaw could enable VoiceOver to read out a user’s passwords, impacting various iPhone and iPad models. Another vulnerability allowed capturing audio before the microphone indicator is on. Users are urged to update to iOS 18.0.1 and iPadOS 18.0.1 … Read more
July 30, 2024 at 04:54AM Apple announced security updates for iOS, iPadOS, and macOS. iOS 17.6 and iPadOS 17.6 fixed 35 security flaws, while macOS Sonoma 14.6 addressed nearly 70 vulnerabilities. Fixes included patches for third-party components. Safari, tvOS, visionOS, and watchOS also received updates. Users are urged to update their devices promptly. More details … Read more
March 26, 2024 at 08:48AM Apple has issued security updates for iOS and macOS to fix an arbitrary code execution vulnerability affecting CoreMedia and WebRTC components. This issue, also impacting the dav1d AV1 decoder, can lead to memory corruption and arbitrary code execution. The company credited Google Project Zero researcher Nick Galloway for reporting the … Read more
March 6, 2024 at 12:06PM Apple’s latest security patches fix four vulnerabilities in iOS and iPadOS, including two exploited zero-days. The vulnerabilities, registered as CVE-2024-23225 and CVE-2024-23296, allow attackers to bypass kernel memory protections but were patched with improved validation. The updates also addressed other minor vulnerabilities and introduced new features, including options for browser … Read more
December 12, 2023 at 02:18AM Apple has released security patches for multiple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari browser. The updates address numerous security flaws, including two recent zero-day vulnerabilities. Vulnerabilities range from keystroke injection to arbitrary code execution. The updates also include improvements in privacy protection and address actively exploited security … Read more